Tag Archives: Browser
Google is advising anyone who uses the Chrome browser to make sure their browsers have the latest update, which patches a “high” risk security flaw that hackers are already exploiting on unsuspecting victims.
It’s common practice when bugs are disclosed to not immediately share details of how they work until a majority of users have a security patch. The practice allows companies like Google to notify users, and roll out updates, without tipping off any potential bad actors.
While little is known about how the threat, called CVE-2019-5786, works, Justin Schuh, Google’s Chrome engineering and security desktop lead, tweeted on Tuesday that everyone should update their Chrome browser “right this minute” on every device.
Google Chrome updates are usually automatic, however they don’t always roll out to everyone, all at once. If you’d like to trigger a manual update, you can click the three dots in the upper-right corner of the window, select “Help” and “About Chrome.” This will tell users whether their browser is updated or if they need to restart their device to trigger the updated, patched version of the browser.
Hackers have tried to convince potential buyers—and the BBC Russian Service—that they had cracked Facebook’s security and extracted private messages from 120 million accounts. However, according to an outside expert reported by the BBC, it appears likely that at least 81,000 Facebook accounts had their privacy breached. And according to Facebook, the breach is due to malware-containing browser extensions.
“We have contacted browser makers to ensure that known malicious extensions are no longer available to download in their stores and to share information that could help identify additional extensions that may be related,” Facebook’s vice president of product manager, Guy Rosen, said in a statement.
The hackers originally published an offer in September for personal information related to 120 million Facebook accounts on a English-language forum. This included a sample of data that the BBC had an expert examine, confirming that over 81,000 profiles’ private messages were included. An additional 176,000 accounts had data that could have been scraped from public Facebook pages.
Facebook’s Rosen said that its security wasn’t compromised, and urged people to remove any plug-ins they don’t fully trust. Rosen said the social network had notified law enforcement, had the website hosting the Facebook account data had been taken down.
Depending on the browser, plug-in extensions may be able to monitor a user’s activity on any web page. This typically doesn’t include keystrokes, but extensions can sweep in anything rendered on a page for a user to see, such as public and private messages.
Plug-ins that provide toolbars or insert links for coupons for e-commerce are common. However, with so many extensions available, malicious parties have many options: compromise existing software through insiders or poor developer security; release their own seemingly benign plug-ins that provide a useful function alongside snooping; or buy extensions from developers and then update them to include malware.
So, install at your own risk.
Look, we won’t waste your time here. There are more important things going on in the world. But if you use any of Google’s G Suite products, you’ll be glad you read this.
You know how every time you want to create a new Google doc or spreadsheet, you have to go into Google Drive, and then click New, and the click on what kind of file you need, and the whole time you’re just thinking about all the other, better things you could be doing with the six seconds it takes to click those clicks? Good news: You don’t have to do that anymore. Instead, just type in doc.new, or sheet.new, or slide.new, or form.new if you’re an edge case, or whatever. And behold! A new file will unfold before you.
It’s not just those! Variants also work, like sheets.new or spreadsheets.new. And yes, it’s a very small advance. But these days, even the little wins are worth celebrating.
There’s no real magic to this; Google’s just taking advantage of the “.new” top level domain registry, which it has operated since 2014 through its Charleston Road Registry subsidiary. (A TLD is the part of the URL that comes after the dot.) In its application at the time, the company said potential uses “may include but are not limited to applications such as media (tv show.new, author name.new) and marketing campaigns (cheerios.new, shampoo.new).”
“The .new gTLD will provide a new mechanism whereby businesses and individuals can differentiate their content by signifying that their offerings are ‘new,’” the application later continues. A little on the nose, but useful!
In one sense, using .new as a shortcut for G Suite files also serves as something of an advertisement; the company said in a very brief blog post that it plans to open up its fancy TLD to everyone next year. Which is to say, as useful as the Google Docs shortcut is, brace yourself for the shampoo ad sites to come.
More Great WIRED Stories
The last update to Hangouts on Android added arguably the greatest emoticon of them all: ¯_(ツ)_/¯, also known as the shruggie. That was literally the only real update in Hangouts v12. But as spotted by Android Police, Hangouts v13 adds a whole slew of new emoticon Easter eggs. Here’s the full list of new commands: /algebraic /dealwithit /disapprove /facepalm /flowerbeam /happy /lgtm /lit /octodisco /puppyparty /shame /shrug /success /sunglasses /tableback /tableflip /that /this /wizard /yuno Go have fun and test them all out, or just head to the source link below if you have better things to do with your time. They…
This story continues at The Next Web